Molkobain

#15519 of 53,633
Total CVSS: 17.5
Vulnerabilities · 2
High: 2
PT-2024-13463
8.8
2024-01-04
Itop · Itop · CVE-2023-47626
**Name of the Vulnerable Software and Affected Versions** iTop versions prior to 3.1.1

**Description** The issue concerns an IT service management platform where XSS attacks are possible when displaying or editing a user's personal tokens.

**Recommendations** For versions prior to 3.1.1, update to version 3.1.1 to resolve the issue.
PT-2022-16942
8.7
2022-04-21
Comodo · Combodo Itop · CVE-2022-24870
**Name of the Vulnerable Software and Affected Versions** Combodo iTop versions 3.0.0 beta through 3.0.0 beta2

**Description** Combodo iTop is a web-based IT Service Management tool. A malicious script can be injected in tooltips using the iTop customization mechanism, providing a stored cross-site scripting attack vector to authorized users of the system.

**Recommendations** For versions 3.0.0 beta through 3.0.0 beta2, upgrade to a version newer than 3.0.0 beta2 to resolve the issue. As a temporary workaround, consider restricting the use of the iTop customization mechanism to minimize the risk of exploitation.